Cyber Operations: Perspectives from DoD, IC, and DHSMalachi Walker
Cyber Operations is a term being used more and more by different industries across the public and private sectors. But are all of these organizations using the term the same? What does Cyber Operations mean in the light of the Department of Defense (DoD) and how similar or different is it to that of the Intelligence Community, Department of Homeland Security, and the industry that you operate in every day? WhiteHawk CEO Terry Roberts moderated a discussion combining these different perspectives and offered her own ideas towards identifying the current meaning and future of 'cyber operations'.
Roberts was joined by Chief Counsel at the Cybersecurity and Infrastructure Security Agency (CISA) Daniel Sutherland, Founder and Chief Security Officer (CSO) for Blackhorse Solutions, Timothy Newberry, and Senior Principal Architect for LMI Chris Allen.
Figure 1: From left to right- Daniel Sutherland, Tim Newberry, Chris Allen
Representing the Department of Defense perspective was Senior Principle Architect Chris Allen, who provides technical consulting to support the DoD Corrosion Policy and Oversight Office. He opened the panel by stating that the largest problem in cyber operations is speed. Data is being incurred faster than the speed of light, and we must learn how to manage such a fast growing and already large body of knowledge and use it to foster human intellect.
Allen advocated for an open source collaboration facility to monitor businesses for operational cyber threats more effectively. Additionally, he took a stand for Chief Data Officers, explaining that these positions are still in experimental phases, as they report to different places in different organizations. The positions, nonetheless, remain crucial because "IoT is coming within the next 36 months and it is going to eat the cloud". He believes it's going to be widespread and the uncertainty of its innovation could leave room for more risks. The next steps should be identifying what is coming at you, how to architect for it, and how to get in front of the curve before it happens.
Intelligence Community (IC)
Tim Newberry represented the intelligence community and drew from his experience of building a parallel database through Microsoft Access in order to normalize abundant amounts of data. Newberry reminded the audience "don't reinvent the wheel, use the resources you have". There is a wealth of platforms, software, and frameworks currently in existence that could be used to help better answer the questions of cyber operations and define this large set of data that we face.
"We're just a bunch of 40-year olds trying to chase 20-year olds and explain to 60-year olds how we do it", Newberry claimed while explaining that effective communication is important in the world of cyber operations. Currently, all that outsiders see is taxpayer dollars going to something that they do not understand; it is important to break down those barriers in order to maximize support and assistance.
When asked what is keeping the IC from truly assessing its capabilities, Newberry responded "cultural momentum… It takes time to turn an aircraft carrier". There are outreach initiatives in place to problem solve and implement improved requirements, but they are backlogged and need reinforcement. He added that they are making serious headway into implementing better requirements, talents, and opportunities, but that "nothing is going to move as fast as we want it to".
Department of Homeland Security (DHS)
"I'm from the government and I'm here to help" were the words from U.S. Cyber Command Chief Counsel Daniel Sutherland. DHS aims to enable the private sector to learn how to properly identify and combat threats. The department operates with machine to machine sharing capabilities and even has a team solely established for cybersecurity assessments on all levels of public websites.
Two of the largest initiatives Sutherland highlighted were the National Risk Management Center and operating in a legal framework that asks what are your products, relationships, and personal legal framework? The National Risk Management Center is a resource that analysts can use to tackle specific cyber risk issues in a collaborative manner.
Terry Roberts concluded the panel by asking what is one thing that would catapult cyber operations and how best can we fast track review of capabilities?
Chris Allen's takeaways were that we are not tied to what we know, and capabilities can be fast tracked by finding a way to get businesses closer to the government and share their "secret sauce" quicker.
Tim Newberry defined cyber operations as "a regular conventional occurrence", stating that it needed to be prioritized as such. To fast track capabilities, Newberry advocated for putting policies in place that allow regional managers to look through and buy commodities that best fit their cyber needs. We need to "increase trust to decrease time of purchase and decision" .
Daniel Sutherland stated that both questions could be answered by increased sharing of unique cyber threat combinations in the name of innovation, reiterating the key to this sharing is trust. "Until you have an entity trusted by (both) the government and private sector, you will not move at machine speed".
In closing, Roberts said "cyber operations is one of the broadest terms known to mankind based on how it brings these three perspectives together, but it can be helpful to think broadly to arrive at a solution".